Creating Parameterized Default Attribute Values

Identity Synchronization for Windows allows you to create parameterized default
values for attributes using other creation or significant attributes.

To create a parameterized default attribute value, you embed an existing creation or significant
attribute name— preceded and followed by percent symbols (%attribute_name%) — in an expression
string. For example, homedir=/home/%uid% or cn=%givenName% %sn%.

When you create these attribute values:

You can use multiple attributes in a creation expression (cn=%givenName% %sn%).

If A=0, then B can
have one default value only.

You can use the backslash symbol (\\) for
quoting (for example, diskUsage=0\\%).

Do not use expressions that have cyclic substitution conditions
(for example, if you specify description=%uid%, you cannot
use uid=%description%..)

Note –

When Group Synchronization is enabled, the following are important:

The creation expression supported at Active Directory is cn=%cn%.

The creation expression must contain valid attribute names
belonging to the group objectclass also since the creation expression is common
to both user as well as the group.

For example: The attribute
sn is not part of the groupofuniquenames objectclass at
the Directory Server. Hence the following creation expression would be invalid
for a group object. (Though it would work fine for user.)

cn=%cn%.%sn%

The attribute used in the creation expression must be provided
with a value for every user/group entry created. The value maybe provided
using the command line interface, if the console does not have the provision.